Potential memory leak via msg pointer in nl80211_get_key() function.
Signed-off-by: Niko Jokinen <ext-niko.k.jokinen@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When rtl8187 is unloaded and CONFIG_RTL8187_LEDS is set, the kernel
may oops when the module is unloaded as the workqueue for led_on was
not being cancelled.
This patch fixes the problem reported in
http://marc.info/?l=linux-wireless&m=124742957615781&w=2.
Reported-by: Gábor Stefanik <netrolller.3d@gmail.com>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Pavel Roskin reported some issues with using AP mode without
nohwcrypt=1. Most likely this is similar to the problem fixed
some time ago in ath9k by 3f53dd64f1,
"ath9k: Fix hw crypto configuration for TKIP in AP mode."
That only affects TKIP but it's easiest to just disable that and
WEP too until we get a proper fix in.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
For forwarded frames, we save the precursor address in addr1 in case it
needs to be used to send a Path Error. mesh_path_discard_frame,
however, was using addr2 instead of addr1 to send Path Error frames, so
correct that and also make the comment regarding this more clear.
Signed-off-by: Andrey Yurovsky <andrey@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Once the "data" pointer is freed, we can't be iterating
to the next item in the list any more so we need to use
list_for_each_entry_safe with a temporary variable.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
If you rmmod the module while associated, frames might
be transmitted during unregistration -- which will crash
if the hwsim%d interface is unregistered first, so only
do that after all the virtual wiphys are gone.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The point of this function is to set the software and hardware state at
the same time. When I tried to use it, I found it was only setting the
software state.
Signed-off-by: Alan Jenkins <alan-jenkins@tuffmail.co.uk>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The location of the 802.11 header is calculated incorrectly due to a
wrong placement of parentheses. Found by kmemcheck.
Signed-off-by: Pavel Roskin <proski@gnu.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Apparently there actually _are_ tools that try to set
this in sysfs even though it wasn't supposed to be used
this way without claiming first. Guess what: now that
I've cleaned it all up it doesn't matter and we can
simply allow setting the soft-block state in sysfs.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Tested-By: Darren Salt <linux@youmustbejoking.demon.co.uk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
My kvm instance was complaining a lot about sleeping
in atomic contexts in the mesh code, and it turns out
that both mesh_path_add() and mpp_path_add() need to
be able to sleep (they even use synchronize_rcu()!).
I put in a might_sleep() to annotate that, but I see
no way, at least right now, of actually making sure
those functions are only called from process context
since they are both called during TX and RX and the
mesh code itself even calls them with rcu_read_lock()
"held".
Therefore, let's disable it completely for now.
It's possible that I'm only seeing this because the
hwsim's beaconing is broken and thus the peers aren't
discovered right away, but it is possible that this
happens even if beaconing is working, for a peer that
doesn't exist or so.
It should be possible to solve this by deferring the
freeing of the tables to call_rcu() instead of using
synchronize_rcu(), and also using atomic allocations,
but maybe it makes more sense to rework the code to
not call these from atomic contexts and defer more of
the work to the workqueue. Right now, I can't work on
either of those solutions though.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The byte count table is only used for aggregation. Updating it
in other cases caused fragmented frames to be dropped.
This fixes http://www.intellinuxwireless.org/bugzilla/show_bug.cgi?id=2004
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This changes the power_level file to adhere to the "one value
per file" sysfs rule. The user will know which power level was
requested as it will be the number just written to this file. It
is thus not necessary to create a new sysfs file for this value.
In addition it fixes a problem where powertop's parsing expects
this value to be the first value in this file without any descriptions.
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The driver private data is now based on wiphy. So we should not
touch the private data after wiphy_free() is called. The patch
fixes the potential NULL pointer dereference by making the
iwm_wdev_free() the last one on the interface removal path.
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
irq_set_thread_affinity() calls set_cpus_allowed_ptr() which might
sleep, but irq_set_thread_affinity() is called with desc->lock held
and can be called from hard interrupt context as well. The code has
another bug as it does not hold a ref on the task struct as required
by set_cpus_allowed_ptr().
Just set the IRQTF_AFFINITY bit in action->thread_flags. The next time
the thread runs it migrates itself. Solves all of the above problems
nicely.
Add kerneldoc to irq_set_thread_affinity() while at it.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
LKML-Reference: <new-submission>
The function journal_write_metadata_buffer() calls jbd_unlock_bh_state(bh_in)
too early; this could potentially allow another thread to call get_write_access
on the buffer head, modify the data, and dirty it, and allowing the wrong data
to be written into the journal. Fortunately, if we lose this race, the only
time this will actually cause filesystem corruption is if there is a system
crash or other unclean shutdown of the system before the next commit can take
place.
Signed-off-by: dingdinghua <dingdinghua85@gmail.com>
Acked-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Jan Kara <jack@suse.cz>
The movq instruction, generated by __put_user_asm() when used for
64-bit data, takes a sign-extended immediate ("e") not a zero-extended
immediate ("Z").
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Cc: Uros Bizjak <ubizjak@gmail.com>
Cc: stable@kernel.org
Netbooks based on the Soltech TA12 do not send a key release
for volume keys causing Linux to think the key is constantly
being pressed forever.
Added quirk data for forced release keys.
BugLink: https://bugs.launchpad.net//bugs/397499
Signed-off-by: Jerone Young <jerone.young@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
arch/x86/include/asm/uaccess_64.h uses wrong asm operand constraint
("ir") for movq insn. Since movq sign-extends its immediate operand,
"er" constraint should be used instead.
Attached patch changes all uses of __put_user_asm in uaccess_64.h to use
"er" when "q" insn suffix is involved.
Patch was compile tested on x86_64 with defconfig.
Signed-off-by: Uros Bizjak <ubizjak@gmail.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Cc: stable@kernel.org
The CompuLab SBC-fitPC2 board needs to reboot via BIOS.
Signed-off-by: Denis Turischev <denis@compulab.co.il>
Signed-off-by: Mike Rapoport <mike@compulab.co.il>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
9p: Fix incorrect parameters to v9fs_file_readn.
9p: Possible regression in p9_client_stat
9p: default 9p transport module fix
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
cifs: free nativeFileSystem field before allocating a new one
[CIFS] Distinguish posix opens and mkdirs from legacy mkdirs in stats
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vapier/blackfin: (21 commits)
Blackfin: define HARDIRQ_BITS again for now
arch/blackfin: Add kmalloc NULL tests
Blackfin: add CPLB entries for Core B on-chip L1 SRAM regions
Blackfin: work around anomaly 05000189
Blackfin: drop per-cpu loops_per_jiffy tracking
Blackfin: fix bugs in GPIO resume code
Blackfin: bf537-stamp: fix irq decl for AD7142
Blackfin: fix handling of IPEND in interrupt context save
Blackfin: drop duplicate runtime checking of anomaly 05000448
Blackfin: fix incomplete renaming of the bfin-twi-lcd driver
Blackfin: fix wrong CTS inversion
Blackfin: update handling of anomaly 364 (wrong rev id in BF527-0.1)
Blackfin: fix early_dma_memcpy() handling of busy channels
Blackfin: handle BF561 Core B memory regions better when SMP=n
Blackfin: fix miscompilation in lshrdi3
Blackfin: fix silent crash when no uClinux MTD filesystem exists
Blackfin: restore exception banner when dumping crash info
Blackfin: work around anomaly 05000281
Blackfin: update anomaly lists to match latest sheets/usage
Blackfin: drop dead flash_probe call
...
Standard data flow for MMC/SD/SDIO cards requires that the mvsdio
controller be set for big endian operation. This is causing problems
with buffers which length is not a multiple of 4 bytes as the last
partial word doesn't get shifted all the way and stored properly in
memory. Let's compensate for this.
Signed-off-by: Nicolas Pitre <nico@marvell.com>
CC: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The Blackfin serial headers were inverting the CTS value leading to wrong
handling of the CTS line which broke CTS/RTS handling completely.
Signed-off-by: Sonic Zhang <sonic.zhang@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This function does not have an error return and returning an error is
instead interpreted as having a lot of pending bytes.
Reported by Jeff Harris who provided a list of some of the remaining
offenders.
Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
If spin_lock_irqsave is called twice in a row with the same second
argument, the interrupt state at the point of the second call overwrites
the value saved by the first call. Indeed, the second call does not
need to save the interrupt state, so it is changed to a simple
spin_lock.
The semantic match that finds this problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@@
expression lock1,lock2;
expression flags;
@@
*spin_lock_irqsave(lock1,flags)
... when != flags
*spin_lock_irqsave(lock2,flags)
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The buffer for the consoles are unconditionally allocated at con_init()
time, which miss the creation of the vcs(a) devices.
Since 2.6.30 (commit 4995f8ef9d, 'vcs:
hook sysfs devices into object lifetime instead of "binding"' to be
exact) these devices are no longer created at open() and removed on
close(), but controlled by the lifetime of the buffers.
Reported-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar>
Tested-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar>
Cc: stable@kernel.org
Signed-off-by: Kay Sievers <kay.sievers@vrfy.org>
Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch fixes a problem when a device is stopped while in the
bus-off state. Then the carrier remains off forever.
Signed-off-by: Kurt Van Dijck <kurt.van.dijck@skynet.be>
Signed-off-by: Wolfgang Grandegger <wg@grandegger.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
If dev_alloc_skb() failed in can_restart(), the device was left behind
in the bus-off state. This patch restarts the device nevertheless.
Signed-off-by: Kurt Van Dijck <kurt.van.dijck@eia.be>
Signed-off-by: Wolfgang Grandegger <wg@grandegger.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Remove duplicated #include('s) in
drivers/net/can/sja1000/sja1000.c
Signed-off-by: Huang Weiyi <weiyi.huang@gmail.com>
Signed-off-by: Wolfgang Grandegger <wg@grandegger.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
...otherwise, we'll leak this memory if we have to reconnect (e.g. after
network failure).
Signed-off-by: Jeff Layton <jlayton@redhat.com>
CC: Stable <stable@kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
rain_maker@root-forum.org wrote:
> Hello cesar,
>
> In a recent thread in a german linux forum, a user reported his PIC
> NIC not being recognized by the kernel.
>
> Fortunately he provided enough information and I was able to help him
> and get the device working with the sc92031 driver.
>
> The device ID is [1088:2031] (Vendor is called "Microcomputer Systems
> (M) Son"), here is the respective thread in "ubuntuusers.de"
>
> http://forum.ubuntuusers.de/topic/lankarte-unter-xubuntu-wird-nicht-erkannt/
>
> (Although you might not speak german, the code provided will show
> you, that the device is actually working with your driver).
>
> It would be nice, if you include this new device ID to the
> sc92031-driver.
>
> Regards,
>
> Axel Köllhofer (aka Rain_Maker)
Cc: rain_maker@root-forum.org
Signed-off-by: Cesar Eduardo Barros <cesarb@cesarb.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
3c589_cs:
re-initialize the multicast in the tc589_reset,
and spin_lock the set_multicast_list function.
Signed-off-by: Ken Kawasaki <ken_kawasaki@spring.nifty.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
I guess it should be -EINVAL rather than EINVAL. I have not checked
when the bug came in. Perhaps a candidate for -stable?
Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Check temperature for all PCI functions, that can allow
graceful shutdown of all interfaces on the overheated card.
Old code was only monitoring temperature for function 0 only.
Signed-off-by: Dhananjay Phadke <dhananjay@netxen.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
netxen: fix deadlock on dev close
The tx ring accounting fix in commit cb2107be43
("netxen: fix tx ring accounting") introduced intermittent
deadlock when inteface is going down.
This was possibly combined effect of speculative tx pause,
calling netif_tx_lock instead of queue lock and unclean
synchronization with napi which could end up unmasking
interrupt.
Signed-off-by: Dhananjay Phadke <dhananjay@netxen.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
o Use D3 reset context deletion for NX2031, it cleans up
more resources in the firmware.
o Release rx buffers after hardware context has been reset.
o Delete tx context after rx context, some firmware control
commands are sent on tx context, so it should be the last
to go.
Signed-off-by: Dhananjay Phadke <dhananjay@netxen.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Network driver for the SPI version of the Micrel KS8851
network chip.
Signed-off-by: Ben Dooks <ben@simtec.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
On Soundblaster X-FI Titanium with emu20k2 the SIDE and SURROUND
channels were swapped and wrong.
I double checked it with connector colors and creative soundblaster
windows drivers.
So I swapped them to the true order.
Now "speaker-test -c6" and "speaker-test -c8" are working fine.
Signed-off-by: Frank Roth <frashman@freenet.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
When the TCP connection handshake completes on the passive
side, a variety of state must be set up in the "child" sock,
including the key if MD5 authentication is being used. Fix TCP
for both address families to label the key with the peer's
destination address, rather than the address from the listening
sock, which is usually the wildcard.
Reported-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: John Dykstra <john.dykstra1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fix MD5 signature checking so that an IPv4 active open
to an IPv6 socket can succeed. In particular, use the
correct address family's signature generation function
for the SYN/ACK.
Reported-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: John Dykstra <john.dykstra1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Add mac driver support for evaluation board based on w90p910.
Signed-off-by: Wan ZongShun <mcuos.com@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The capture buffer size with 64kB seems broken with CA0106.
At least, either the update timing or the DMA position is wrong,
and this screws up pulseaudio badly.
This patch restricts the max buffer size less than that to make life
a bit easier.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Cc: <stable@kernel.org>
The recent rewrite of the codec parser for STAC9872 caused a regression
for some Sony VAIO models that don't give proper pin default configs
by BIOS. Even using model=vaio doesn't work because the pin definitions
are set after the pin overrides.
This patch fixes the pin definitions in patch_stac9872() to be put
in the right place before the pin overrides. Also the patch adds the
new quirk entry for VAIO F/S to have the correct pin default configs.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Cc: <stable@kernel.org>
Gateway T6834c laptops need EAPD always on while the default behavior
for the STAC9205 reference board is to turn it off upon every HP plug.
By using the special "eapd" model, which is first introduced for Gateway
T1616 laptops for this same reason, this peculiarity can be properly
handled.
Signed-off-by: Hao Song <baritono.tux@gmail.com>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
If the NULL test is necessary, then the dereferences should be moved below
the NULL test.
The semantic patch that makes this change is as follows:
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@@
type T;
expression E,E1;
identifier i,fld;
statement S;
@@
- T i = E->fld;
+ T i;
... when != E=E1
when != i
if (E == NULL||...) S
+ i = E->fld;
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Writing a zero length string to sys/.../current_clocksource will cause
a NULL pointer dereference if the clock events system is in one shot
(highres or nohz) mode.
Pointed-out-by: Dan Carpenter <error27@gmail.com>
LKML-Reference: <alpine.DEB.2.00.0907191545580.12306@bicker>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
If spin_lock_irqsave is called twice in a row with the same second
argument, the interrupt state at the point of the second call overwrites
the value saved by the first call. Indeed, the second call does not need
to save the interrupt state, so it is changed to a simple spin_lock.
The semantic match that finds this problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@@
expression lock1,lock2;
expression flags;
@@
*spin_lock_irqsave(lock1,flags)
... when != flags
*spin_lock_irqsave(lock2,flags)
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Takashi Iwai <tiwai@suse.de>